Introduce a new CARM config map with support for `teamIDs` and service level isolation

[TiberiuGC]

Issue #, if available: https://github.com/aws-controllers-k8s/community/issues/2031

Description of changes:

• on top of https://github.com/aws-controllers-k8s/runtime/pull/139
• putting the CARMv2 map behind a feature flag
• adding support for service level isolation e.g.

data:
  team-id.team-a: "arn:aws:iam::111111111111:role/team-a-global-role"
  s3.team-id.team-a: "arn:aws:iam::111111111111:role/team-a-s3-role"
  dynamodb.team-id.team-a: "arn:aws:iam::111111111111:role/team-a-dynamodb-role"

OR

data:
  owner-account-id.111111111111: arn:aws:iam::111111111111:role/global-role
  s3.owner-account-id.111111111111: arn:aws:iam::111111111111:role/s3-role
  dynamodb.owner-account-id.111111111111: arn:aws:iam::111111111111:role/dynamodb-role

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[ack-prow[bot]]

Skipping CI for Draft Pull Request. If you want CI signal for your change, please convert it to an actual PR. You can still manually trigger a test run with /test all

[a-hilaly]

/lgtm cancel

[ack-prow[bot]]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: TiberiuGC Once this PR has been reviewed and has the lgtm label, please ask for approval from a-hilaly by writing /assign @a-hilaly in a comment. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment